Sorry, I didn't mean brute force as in DDOS, but as in brute forcing passwords. Particularly if you run it for your family, you are at the mercy of one having a weak password, and as soon as a bot has access to one of your mail accounts, it will send spam and you can kiss goodbye your IP/domain reputation.
Yeah, I got that, and while I am mildly worried about that, it hasn't been an issue in the last almost 20 years.
I am only mentioning bandwidth because someone could easily saturate my internet connections by extensively brute forcing, and that's another mild concern (perhaps those are things that kill my modems?).
In practice, biggest issue is that Gmail in particular will never rank your server as trusted because you are sending too low a volume (how's that for an anti spam measure?), and 1/3rd of recepients report emails ending up in spam folders. Curiously, only Gmail does that.
> Sorry, I didn't mean brute force as in DDOS, but as in brute forcing passwords.
That's super easy to avoid. Use strong passwords.
Heat death of the universe will arrive before anything brute forces a 30 character password generated off /dev/random
I don't have any of my users (just family) set their email passwords, those are generated to be strong. These are not passwords that need to be seen or remembered by anyone, they just go into the IMAP client config.
